I would recommend that you scan all ports first, you might also have to install a command line interface tool to interact with one of the services you have found in the initial scan.
no, i got the service. but I cant figure out how to ket my stuff on there
Sometimes you can get inside anonymously. ss*-key generation tool will come in handy. It is possible to upload 1 type of key inside a database, you use another type of key to authenticate.
Packetstormsecurity has a great article on remote command execution on r**** service.
If this is a spoiler, PM I will remove it.
Sometimes you can get inside anonymously. ss*-key generation tool will come in handy. It is possible to upload 1 type of key inside a database, you use another type of key to authenticate.
Packetstormsecurity has a great article on remote command execution on r**** service.
If this is a spoiler, PM I will remove it.
Thank you for your help. I got it eventually!
Stuck at the final part to get root.
“Exploit aborted due to failure: unexpected-reply: Failed to upload file”
Dont know what im missing, got creds on the web, ssl enabled.
it whould be appreciated If someone can point me on the right direction.
Postman has me stumped. I was able to successfully s** as r**. Then found user M***. Now trying to copy user.txt onto local machine, but I keep getting asked for a password? Am I missing something here? Any hints?
Finally rooted also this box. The user own was very easy… I had more difficults with the root flag. It’s an Easy box all you need is a good enumeration, find all credentials and use It for get the root. The right exploit is the Key from my perspective
Rooted! Thank you @TheCyberGeek, learned a lot about a certain service.
Foothold: That service isn’t supposed to be public-facing…
User: Enumeration will give you something to use on that other service. Flag will not come until later.
Root: searchsploit